Anonymous Routing for Mobile Wireless Ad Hoc Networks

1. Anonymous Routing for Mobile Wireless Ad Hoc Networks A. DURRESI and V. PARUCHURI Department of Computer Science, Louisiana State University, USA M. DURRESI and L. BAROLLI Faculty of Information Engineering, Fukuoka Institute of Technology, Japan International Journal of Distributed Sensor Networks, 3:105-117, 2007

2. Content • Introduction • Notation and Definition • Protocol for Anonymous Routing(PAR) • PAR-Enhanced • Conclusion

3. Introduction • Traditional Network • Pre-deployed Structure • Routers are owned few well-known operators and are assumed to be somehow trustworthy • Anonymity in Traditional Network • Mixnet • Onioning Routing • TOR • Mobile Ad Hoc Network(MANET) • Open medium • Dynamic topology • Distributed cooperation • Constrained capability • Absence of central authority • Anonymity in MANET • Protocol for Anonymous Routing(PAR) • PAR-Enhanced

4. Notation and Definition EiandDi: private and public key of node i E(M, k) and D(M, k): public key encryption and decryption of message M by key k IAi: invisible address of node I FID: flow identifier RP: redundancy predicate • IAi=E(E((i, FID, timestamp, RP), Ei), Di) • To verify node present m=E((i, FID, timestamp, RP), Ei) • Verifier check IAi=E(m,Ei)

5. Notation and Definition • Routing Flow Table(RFT maintained by each node) • FID: flow identifier • IPA: invisible previous node address • INA: invisible next node address • T: timer Entry is deleted if a route reply is not received before the timer expires

6. PAR Route Request • Route Request Packet has following field • FID = E((S,D,SEQ), Ds) : Flow Identifier • ESA = E((S,H(FID), timestamp, RP), Dd) • EDA = E((D,H(FID), timestamp, RP), Dd) • ITA = E(E((i,FID, timestamp, RP), Ei), Di) • Operations of non-destination node • RQ1: new entry added to RFT, set FID and ITA of request packet to FID and IPA respectively • RQ2: check if request packet is intended for it by decrypting EDA with its Ei and if it is the case, send route reply packet and omit RQ3 and RQ4 • RQ3: timer is initiated • RQ4: invisible address is computed and route request packet is retransmitted with its ITA set to the invisible address computed

7. PAR Route Reply • Route Reply Packet has following field • FID is set to the FID of route request • ESA = E((D,H(FID), timestamp, RP), DS) • EDA = E((S,H(FID), timestamp, RP), DS) • ITA = E(E((i,FID, timestamp, RP), Ei), Di) • IFA: Invisible Forwarder Address is initially set to the ITA of the corresponding route request packet • Operations of node that is not source • RP1: FID is searched in RFT, if no entry packet is dropped • RP2: IFA is verified by checking RP, i, FID, timestamp. If it fails, packet is dropped and further steps are skipped • RP3: INA corresponding to FID in RFD is set to ITA of the route reply packet • RP4: IFA of the route reply packet is set to the IPA in RFT and ITA of the route reply packet is set to the invisible address of i

8. PAR-Enhanced • Diffie-Hellman Key Exchange Algorithm • A and B agree on large prime, n and g such that g is primitive modn • A chooses a large integer x and sends B X = gx mod n • B chooses a large integer y and sends A Y = gy mod n • A computes k = Yx mod n • B computes k”= Xy mod n • k” = k is shared key • RFT: five new fields are added • n: large prime chosen by source • g: such that g is primitive mod n • x: large integer chosen for each entry by node maintaining RFT • PPK: previous node partial key • NPK: next node partial key

9. PAR-E Route Request • Additional three fields to Route Request Packet • n: large prime chosen by source • g: such that q is primitive mod n • TPK: transmitter partial key, computed and set by transmitter as TKP = gx mod n • Additional operations of non-destination node • RQ1-RQ4(same as ones in PAR) • RQ3a: choose x, set PPK field in RFT to TPK of route request and reset the TPK of route request to gxmod n

10. PAR-E Route Reply • Five fields are added to Route Reply Packet • n: large prime chosen by source • g: such that q is primitive mod n • NPK: next node partial key set by transmitter • TV: transmitter verifier TV = Es((Transmitter address, signature), SK) where SK=PPKxmodn, signature is constructed by encrypting the node address, hash of the packet with node’s private key, Es(M,k) is symmetric key encryption of message M by a key k • TV”: Previuos Transmitter verifier TV” = Es((Transmitter address, signature), SK”) where SK”=NPKxmodn, and signature is constructed analogues to one in TV

11. PAR-E Route Reply • Additional operations of destination node • Choose x, compute shared key SK SK=TPKx mod n • Construct route reply packet with new fields set in the following way • n: set to the large prime present in the route request • g: set to g present in the route request • NPK: next node partial key is set to gx mod n where x is chosen by destination node • SK: shared key computed as SK=TPKx mod n where TPK is transmitter partial key • TV: transmitter verifier as TV = Es((D,signature)SK) • TV”: transmitter verifier

12. PAR-E Route Reply • Additional operations of a node that is not source • RP1-RP4 • RP3a: computes shared keys as SK=NPKx mod n and SK”=PPKx mod n where x being the value in the RFT corresponding to FID, using SK, TV is verified by decrypting it with the SK. If it is valid, node sets NPK of route reply packet to gx mod n and using TPK from the RFT, node calculates SK=TKPx mod n and resets the transmitter verifier in the route reply packet to TV= Es((i,signature), SK) • Source node operation • Verify destination address by decrypting the ESA and EDA with its private key

13. Conclusion • PAR guarantees absolute anonymity, which itself may cause problems as it would become difficult to identify malicious and misbehaving nodes. • PAR-E trade off some anonymity to enable detection of malicious and misbehaving nodes which is that each node knows the identity of its neighboring nodes in the paths established so that it enables the intrusion detection system implementation.

14. Thank you